[jira] [Updated] (WICKET-6732) CSP: inline JS in Link and ExternalLink

Emond Papegaaij (Jira) Tue, 28 Jan 2020 13:26:22 -0800


     [ 
https://issues.apache.org/jira/browse/WICKET-6732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Emond Papegaaij updated WICKET-6732:
------------------------------------
    Description: 
{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}

{code:java}
tag.put(
        "onclick",
        "var win = this.ownerDocument.defaultView || 
this.ownerDocument.parentWindow; " +
                "if (win == window) { window.location.href='" +
                url + "'; } ;return false");
{code}

{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
        tag.put("onclick", onClickJavaScript);
}
{code}

Similar code can be found in {{ExternalLink}}

  was:
{{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
{code:java}
tag.put("onclick", popupSettings.getPopupJavaScript());
{code}

{code:java}
tag.put(
        "onclick",
        "var win = this.ownerDocument.defaultView || 
this.ownerDocument.parentWindow; " +
                "if (win == window) { window.location.href='" +
                url + "'; } ;return false");
{code}

{code:java}
// If the subclass specified javascript, use that
final CharSequence onClickJavaScript = getOnClickScript(url);
if (onClickJavaScript != null)
{
        tag.put("onclick", onClickJavaScript);
}
{code}


> CSP: inline JS in Link and ExternalLink
> ---------------------------------------
>
>                 Key: WICKET-6732
>                 URL: https://issues.apache.org/jira/browse/WICKET-6732
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket-core
>    Affects Versions: 9.0.0-M4
>            Reporter: Emond Papegaaij
>            Priority: Major
>
> {{org.apache.wicket.markup.html.link.Link}} uses a lot of inline JS, like:
> {code:java}
> tag.put("onclick", popupSettings.getPopupJavaScript());
> {code}
> {code:java}
> tag.put(
>       "onclick",
>       "var win = this.ownerDocument.defaultView || 
> this.ownerDocument.parentWindow; " +
>               "if (win == window) { window.location.href='" +
>               url + "'; } ;return false");
> {code}
> {code:java}
> // If the subclass specified javascript, use that
> final CharSequence onClickJavaScript = getOnClickScript(url);
> if (onClickJavaScript != null)
> {
>       tag.put("onclick", onClickJavaScript);
> }
> {code}
> Similar code can be found in {{ExternalLink}}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (WICKET-6732) CSP: inline JS in Link and ExternalLink

Reply via email to